xref: /kernel/linux/linux-5.10/crypto/asymmetric_keys/x509_cert_parser.c

66 	struct x509_parse_context *ctx;
80 	ctx = kzalloc(sizeof(struct x509_parse_context), GFP_KERNEL);
81 	if (!ctx)
84 	ctx->cert = cert;
85 	ctx->data = (unsigned long)data;
88 	ret = asn1_ber_decoder(&x509_decoder, ctx, data, datalen);
93 	if (ctx->raw_akid) {
95 			 ctx->raw_akid_size, ctx->raw_akid_size, ctx->raw_akid);
96 		ret = asn1_ber_decoder(&x509_akid_decoder, ctx,
97 				       ctx->raw_akid, ctx->raw_akid_size);
105 	cert->pub->key = kmemdup(ctx->key, ctx->key_size, GFP_KERNEL);
109 	cert->pub->keylen = ctx->key_size;
111 	cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL);
115 	cert->pub->paramlen = ctx->params_size;
116 	cert->pub->algo = ctx->key_algo;
139 	kfree(ctx);
143 	kfree(ctx);
159 	struct x509_parse_context *ctx = context;
161 	ctx->last_oid = look_up_OID(value, vlen);
162 	if (ctx->last_oid == OID__NR) {
166 			 (unsigned long)value - ctx->data, buffer);
179 	struct x509_parse_context *ctx = context;
182 		 hdrlen, tag, (unsigned long)value - ctx->data, vlen);
184 	ctx->cert->tbs = value - hdrlen;
185 	ctx->cert->tbs_size = vlen + hdrlen;
196 	struct x509_parse_context *ctx = context;
198 	pr_debug("PubKey Algo: %u\n", ctx->last_oid);
200 	switch (ctx->last_oid) {
207 		ctx->cert->sig->hash_algo = "md4";
211 		ctx->cert->sig->hash_algo = "sha1";
215 		ctx->cert->sig->hash_algo = "sha256";
219 		ctx->cert->sig->hash_algo = "sha384";
223 		ctx->cert->sig->hash_algo = "sha512";
227 		ctx->cert->sig->hash_algo = "sha224";
231 		ctx->cert->sig->hash_algo = "sha1";
235 		ctx->cert->sig->hash_algo = "sha224";
239 		ctx->cert->sig->hash_algo = "sha256";
243 		ctx->cert->sig->hash_algo = "sha384";
247 		ctx->cert->sig->hash_algo = "sha512";
251 		ctx->cert->sig->hash_algo = "streebog256";
255 		ctx->cert->sig->hash_algo = "streebog512";
259 		ctx->cert->sig->hash_algo = "sm3";
264 	ctx->cert->sig->pkey_algo = "rsa";
265 	ctx->cert->sig->encoding = "pkcs1";
266 	ctx->algo_oid = ctx->last_oid;
269 	ctx->cert->sig->pkey_algo = "ecrdsa";
270 	ctx->cert->sig->encoding = "raw";
271 	ctx->algo_oid = ctx->last_oid;
274 	ctx->cert->sig->pkey_algo = "sm2";
275 	ctx->cert->sig->encoding = "raw";
276 	ctx->algo_oid = ctx->last_oid;
279 	ctx->cert->sig->pkey_algo = "ecdsa";
280 	ctx->cert->sig->encoding = "x962";
281 	ctx->algo_oid = ctx->last_oid;
292 	struct x509_parse_context *ctx = context;
294 	pr_debug("Signature type: %u size %zu\n", ctx->last_oid, vlen);
296 	if (ctx->last_oid != ctx->algo_oid) {
298 			ctx->algo_oid, ctx->last_oid);
302 	if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 ||
303 	    strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0 ||
304 	    strcmp(ctx->cert->sig->pkey_algo, "sm2") == 0 ||
305 	    strcmp(ctx->cert->sig->pkey_algo, "ecdsa") == 0) {
314 	ctx->cert->raw_sig = value;
315 	ctx->cert->raw_sig_size = vlen;
326 	struct x509_parse_context *ctx = context;
327 	ctx->cert->raw_serial = value;
328 	ctx->cert->raw_serial_size = vlen;
339 	struct x509_parse_context *ctx = context;
341 	switch (ctx->last_oid) {
343 		ctx->cn_size = vlen;
344 		ctx->cn_offset = (unsigned long)value - ctx->data;
347 		ctx->o_size = vlen;
348 		ctx->o_offset = (unsigned long)value - ctx->data;
351 		ctx->email_size = vlen;
352 		ctx->email_offset = (unsigned long)value - ctx->data;
364 static int x509_fabricate_name(struct x509_parse_context *ctx, size_t hdrlen,
368 	const void *name, *data = (const void *)ctx->data;
376 	if (!ctx->cn_size && !ctx->o_size && !ctx->email_size) {
384 	if (ctx->cn_size && ctx->o_size) {
388 		namesize = ctx->cn_size;
389 		name = data + ctx->cn_offset;
390 		if (ctx->cn_size >= ctx->o_size &&
391 		    memcmp(data + ctx->cn_offset, data + ctx->o_offset,
392 			   ctx->o_size) == 0)
394 		if (ctx->cn_size >= 7 &&
395 		    ctx->o_size >= 7 &&
396 		    memcmp(data + ctx->cn_offset, data + ctx->o_offset, 7) == 0)
399 		buffer = kmalloc(ctx->o_size + 2 + ctx->cn_size + 1,
405 		       data + ctx->o_offset, ctx->o_size);
406 		buffer[ctx->o_size + 0] = ':';
407 		buffer[ctx->o_size + 1] = ' ';
408 		memcpy(buffer + ctx->o_size + 2,
409 		       data + ctx->cn_offset, ctx->cn_size);
410 		buffer[ctx->o_size + 2 + ctx->cn_size] = 0;
413 	} else if (ctx->cn_size) {
414 		namesize = ctx->cn_size;
415 		name = data + ctx->cn_offset;
416 	} else if (ctx->o_size) {
417 		namesize = ctx->o_size;
418 		name = data + ctx->o_offset;
420 		namesize = ctx->email_size;
421 		name = data + ctx->email_offset;
433 	ctx->cn_size = 0;
434 	ctx->o_size = 0;
435 	ctx->email_size = 0;
443 	struct x509_parse_context *ctx = context;
444 	ctx->cert->raw_issuer = value;
445 	ctx->cert->raw_issuer_size = vlen;
446 	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->issuer, vlen);
453 	struct x509_parse_context *ctx = context;
454 	ctx->cert->raw_subject = value;
455 	ctx->cert->raw_subject_size = vlen;
456 	return x509_fabricate_name(ctx, hdrlen, tag, &ctx->cert->subject, vlen);
466 	struct x509_parse_context *ctx = context;
473 	if (!ctx->cert->raw_subject || ctx->key)
475 	ctx->params = value - hdrlen;
476 	ctx->params_size = vlen + hdrlen;
487 	struct x509_parse_context *ctx = context;
490 	ctx->key_algo = ctx->last_oid;
491 	switch (ctx->last_oid) {
493 		ctx->cert->pub->pkey_algo = "rsa";
497 		ctx->cert->pub->pkey_algo = "ecrdsa";
500 		if (parse_OID(ctx->params, ctx->params_size, &oid) != 0)
505 			ctx->cert->pub->pkey_algo = "sm2";
508 			ctx->cert->pub->pkey_algo = "ecdsa-nist-p192";
511 			ctx->cert->pub->pkey_algo = "ecdsa-nist-p256";
514 			ctx->cert->pub->pkey_algo = "ecdsa-nist-p384";
527 	ctx->key = value + 1;
528 	ctx->key_size = vlen - 1;
542 	struct x509_parse_context *ctx = context;
546 	pr_debug("Extension: %u\n", ctx->last_oid);
548 	if (ctx->last_oid == OID_subjectKeyIdentifier) {
550 		if (ctx->cert->skid || vlen < 3)
557 		ctx->cert->raw_skid_size = vlen;
558 		ctx->cert->raw_skid = v;
562 		ctx->cert->skid = kid;
567 	if (ctx->last_oid == OID_authorityKeyIdentifier) {
569 		ctx->raw_akid = v;
570 		ctx->raw_akid_size = vlen;
676 	struct x509_parse_context *ctx = context;
677 	return x509_decode_time(&ctx->cert->valid_from, hdrlen, tag, value, vlen);
684 	struct x509_parse_context *ctx = context;
685 	return x509_decode_time(&ctx->cert->valid_to, hdrlen, tag, value, vlen);
695 	struct x509_parse_context *ctx = context;
700 	if (ctx->cert->sig->auth_ids[1])
707 	ctx->cert->sig->auth_ids[1] = kid;
718 	struct x509_parse_context *ctx = context;
722 	ctx->akid_raw_issuer = value;
723 	ctx->akid_raw_issuer_size = vlen;
734 	struct x509_parse_context *ctx = context;
739 	if (!ctx->akid_raw_issuer || ctx->cert->sig->auth_ids[0])
744 					 ctx->akid_raw_issuer,
745 					 ctx->akid_raw_issuer_size);
750 	ctx->cert->sig->auth_ids[0] = kid;

Indexes created Thu Nov 07 10:32:03 CST 2024